amiga386 3 hours ago

MITM where attacker needs to install their own CA certs on the victim's device -- sure, out of scope.

MITM because you used http instead of https and you don't have any other verified cryptographic signature on your data -- get tae fuck, fix it pronto.

pietervdvn 2 hours ago | parent [-]

I'd even count this as "having local access to the device", as that is what is needed to install such a cert

arcfour an hour ago | parent [-]

I think it's fair to say that requiring local administrative access to the device is out of scope, since you have already completely pwned the device in that case, which is what you need to install a CA cert on any OSes.